package com.xiaoshi.config;

import com.xiaoshi.hander.ResAccessDeniedHandler;
import com.xiaoshi.hander.ResAuthExceptionEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * 资源服务器的配置类
 */
@Configuration
@EnableResourceServer  //开启资源服务器相关配置
public class XiaoshiResourceServerConfigure extends ResourceServerConfigurerAdapter {


    @Autowired
    private ResAccessDeniedHandler accessDeniedHandler;
    @Autowired
    private ResAuthExceptionEntryPoint exceptionEntryPoint;


    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .requestMatchers().antMatchers("/**")  //配置表明该安全配置对所有请求都生效
                .and()
                .authorizeRequests()
                .antMatchers("/doc.html","/webjars/**","/swagger-resources/**","/v2/api-docs/**","/v3/api-docs").permitAll()  // 放行
                .antMatchers("/**" ).authenticated();
    }


    /**
     * 注入    自定义 资源服务器异常
     *
     * @param resources
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.authenticationEntryPoint(exceptionEntryPoint)
                .accessDeniedHandler(accessDeniedHandler);
    }
}
